unknown ransomware, but unsegmented domain


According to the source, a “domain admin” — a user with the highest level of privileges on the network — clicked on a malicious link while they were logged in, which triggered the file-encrypting malware, according to Tech Crunch report. Because the thousands of computers on the network were on the same, unsegmented domain, the ransomware quickly spread to every CPI office, including its on-site backups, the source said.

Incidents Caused by this Malware

Threat Actors Known to use this Malware

No threat actors identified